Date: Wed, 5 Apr 1995 12:12:03 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: wollman@halloran-eldar.lcs.mit.edu (Garrett Wollman) Cc: jkh@freefall.cdrom.com, current@freefall.cdrom.com Subject: Re: "Cookbook" for security. Message-ID: <199504051912.MAA01157@gndrsh.aac.dev.com> In-Reply-To: <9504051622.AA25931@halloran-eldar.lcs.mit.edu> from "Garrett Wollman" at Apr 5, 95 12:22:13 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > <<On Wed, 05 Apr 1995 03:35:23 -0700, "Jordan K. Hubbard" <jkh@freefall.cdrom.com> said: > > > It seems to me that this would serve as a very valuable security aid > > and of use in creating the overall security tool from hell that I'd > > like to see on FreeBSD someday! :-) > > One of the results of `make distribution' should be to `cd > /where/ever; mtree <insert_flags_here> > > /somewhere/else/distname.mtree'. Yes, and a lot of the work I put into mtree for the -c option was aimed at just this. Infact at one time /usr/src/etc/mtree/BSD.* where the output of a series of mtree commands I ran and then commited the resulting files. I still run these mtree commands when doing my regression tests of finding out what is working correctly with ``make DESTDIR=foo install''. For creating new versions of /usr/src/etc/mtree/BSD.* files I use: mtree -c -d -i -n -x -kuname,gname,mode -p /usr >/tmp/BSD.usr.dist These still require some hand edits for the header, and now that include has been moved out that requires a hand edit. To create a really good file for checking your system use something like: mtree -c -i -n -kuname,gname,mode,size,link,time,md5digest \ -p / >/tmp/BSD.full.dist -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504051912.MAA01157>